× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 22f47eed5da54802856a9aa4662c4a3d70d501b9726b662842da438fe0be593a
File name: d1c2f79125818f1e7ea16784acf63712
Detection ratio: 32 / 69
Analysis date: 2018-09-28 03:13:51 UTC ( 7 months, 4 weeks ago ) View latest
Antivirus Result Update
Ad-Aware Generic.Ransom.WCryG.B6E79C46 20180928
AhnLab-V3 Trojan/Win32.Occamy.C2715883 20180927
ALYac Generic.Ransom.WCryG.B6E79C46 20180928
Arcabit Generic.Ransom.WCryG.B6E79C46 20180928
BitDefender Generic.Ransom.WCryG.B6E79C46 20180928
CAT-QuickHeal Trojan.YakbeexMSIL.ZZ4 20180927
ClamAV Win.Ransomware.Generic-6545091-0 20180928
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180723
Cybereason malicious.125818 20180225
DrWeb Trojan.Encoder.26402 20180928
Emsisoft Generic.Ransom.WCryG.B6E79C46 (B) 20180928
Endgame malicious (high confidence) 20180730
ESET-NOD32 a variant of MSIL/Filecoder.LK 20180928
F-Secure Generic.Ransom.WCryG.B6E79C46 20180927
Fortinet MSIL/Filecoder.LK!tr.ransom 20180928
GData Generic.Ransom.WCryG.B6E79C46 20180928
K7AntiVirus Trojan ( 0053be681 ) 20180927
K7GW Trojan ( 0053be681 ) 20180927
Kaspersky HEUR:Trojan-Ransom.MSIL.Crypren.gen 20180928
MAX malware (ai score=84) 20180928
McAfee Artemis!D1C2F7912581 20180928
McAfee-GW-Edition Artemis 20180928
Microsoft Trojan:Win32/Tiggre!plock 20180927
eScan Generic.Ransom.WCryG.B6E79C46 20180928
Palo Alto Networks (Known Signatures) generic.ml 20180928
Qihoo-360 Win32/Trojan.Ransom.5a0 20180928
Sophos AV Mal/Ramsil-T 20180928
Symantec ML.Attribute.HighConfidence 20180928
Tencent Win32.Trojan.Raas.Auto 20180928
TrendMicro Ransom_Crypren.R001C0RIR18 20180928
TrendMicro-HouseCall Ransom_Crypren.R001C0RIR18 20180928
ZoneAlarm by Check Point HEUR:Trojan-Ransom.MSIL.Crypren.gen 20180925
AegisLab 20180928
Alibaba 20180921
Antiy-AVL 20180928
Avast 20180927
Avast-Mobile 20180927
AVG 20180927
Avira (no cloud) 20180928
AVware 20180925
Babable 20180918
Baidu 20180927
Bkav 20180927
CMC 20180927
Comodo 20180928
Cylance 20180928
Cyren 20180928
eGambit 20180928
F-Prot 20180928
Ikarus 20180927
Sophos ML 20180717
Jiangmin 20180928
Kingsoft 20180928
Malwarebytes 20180928
NANO-Antivirus 20180928
Panda 20180927
Rising 20180928
SentinelOne (Static ML) 20180926
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20180924
TACHYON 20180928
TheHacker 20180927
TotalDefense 20180925
Trustlook 20180928
VBA32 20180927
VIPRE 20180927
ViRobot 20180927
Webroot 20180928
Yandex 20180927
Zillya 20180927
Zoner 20180927
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Original name Windows Update.exe
Internal name Windows Update.exe
File version 1.0.0.0
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-08-30 20:13:09
Entry Point 0x0002E2A6
Number of sections 3
.NET details
Module Version ID db4c5f68-efc8-41f4-8be6-f62ea5dfd029
TypeLib ID 282b8d86-f33f-441e-8bb5-95903351be39
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 4
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
19456

ImageVersion
0.0

FileVersionNumber
1.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, Large address aware

CharacterSet
Unicode

LinkerVersion
48.0

FileTypeExtension
exe

OriginalFileName
Windows Update.exe

MIMEType
application/octet-stream

FileVersion
1.0.0.0

TimeStamp
2018:08:30 21:13:09+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Windows Update.exe

ProductVersion
1.0.0.0

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
181248

FileSubtype
0

ProductVersionNumber
1.0.0.0

EntryPoint
0x2e2a6

ObjectFileType
Executable application

AssemblyVersion
1.0.0.0

File identification
MD5 d1c2f79125818f1e7ea16784acf63712
SHA1 85840e41dd19d0d84cbc552d4233d348dd99a65d
SHA256 22f47eed5da54802856a9aa4662c4a3d70d501b9726b662842da438fe0be593a
ssdeep
6144:jiW8bh58RsVYMWAP0ZDOf8ulX7zqdJY9RgM:uWKEsVCDZJulX3qT0Rg

authentihash 2da6d7e5c7622c0882bb46429aabfdee9f6eabf0e65b1c9e574a2a224c1811dc
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 196.5 KB ( 201216 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (81.0%)
Win32 Dynamic Link Library (generic) (7.2%)
Win32 Executable (generic) (4.9%)
OS/2 Executable (generic) (2.2%)
Generic Win/DOS Executable (2.2%)
Tags
peexe assembly

VirusTotal metadata
First submission 2018-09-28 03:13:51 UTC ( 7 months, 4 weeks ago )
Last submission 2018-09-28 03:13:51 UTC ( 7 months, 4 weeks ago )
File names Windows Update.exe
fileslockerRansome.exe
22f47eed5da54802856a9aa4662c4a3d70d501b9726b662842da438fe0be593a._exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!